package net.atomarrow.sy.interceptor;

import net.atomarrow.aop.ControllerInterceptor;
import net.atomarrow.action.ActionInvocation;
import net.atomarrow.render.Render;

/**
 * 权限拦截器
 * 
 * @author Michael
 * 
 */
public class PermissionInterceptor implements ControllerInterceptor {

    @Override
    public Render intercept(ActionInvocation invocation) throws Exception {
        String xrequestedwith= invocation.getController().getRequest().getHeader("x-requested-with");
        String contentType = invocation.getController().getRequest().getContentType();
        boolean isAjax = contentType != null && contentType.contains("application/json");
        if(xrequestedwith==null){
            isAjax=false;
        }else if(xrequestedwith.equals("XMLHttpRequest")){
            isAjax=true;
        }
//        Method method = invocation.getAction().getMethod();
//        if(SecurityCheck.isNoAnnotation(method)){
//            return invocation.getController().renderJsp("/nopermission");
//        }
//       
//        if(SecurityCheck.isUncheck(method)){
//            return invocation.invoke();
//        }
//        if(SecurityCheck.isPermissionCheck(method)){
//            boolean success=SecurityCheck.permissionCheck(invocation,method);
//            if(!success){
//                return invocation.getController().renderJsp("/nopermission");
//            }
//        }
        return invocation.invoke();
    }
    
    
}
